How businesses can cope with the looming Windows XP deadline

Summary: Six months and counting. That's how long you've got until Microsoft stops delivering security updates for Windows XP, leaving those machines vulnerable to outside attackers. Here are three strategies you can use to kick-start the migration process.


You hear that ticking sound? The one that got noticeably louder this week?

That’s the sound of the alarm clock set to go off on April 8, 2014. On that date, Microsoft will release its last security updates for Windows XP, whose extended support period will come to a hard stop. That end date is now less than six months away, which means you really should stop procrastinating and start planning on how you’re going to avoid being part of a relatively small population that will be targeted by every piece of villainous scum in the universe.

Exactly how many PCs will still be out there running Windows XP next April? Good luck with that forecast. It’s hard enough to get current estimates, with the two most popular sources estimating that XP-powered machines constitute between 20.5 percent (StatCounter) and 31.42 percent (NetMarketShare) of the installed base of PCs and Macs worldwide.

If we assume that 1-2 percent of those machines upgrade or die each month for the next six months, that still leaves more than 100 million PCs still running Windows XP when security updates stop next April. Will you be one of them? And if so, why?

Frankly, I can’t imagine anyone deliberately choosing to continue using an outdated and increasingly insecure operating system when other options are readily available. But I can understand people who feel forced to remain on a platform for compatibility’s sake.

Businesses of every size that are wrestling with the how-to-upgrade-from-XP question can be blocked from migrating for a variety of reasons. (I discussed the topic at length with Dell’s Margaret Walsh in a recent Google+ hangout that’s now available for replay.)

If the hardware is of relatively recent vintage (any system older than five years has probably outlived its usefulness), you can upgrade to a supported version of Windows—ideally Windows 7 or Windows 8.1. For desktop PCs, some hardware upgrades might be required, but that’s still less than the cost of a new PC.

If your budget is so tight that the cost of an OS upgrade is too much to bear, now might be the time to consider switching to a free alternative like Linux, along with open-source apps and free or low-cost services to complement them.

For most mobile devices and older desktops, though, a replacement PC is usually a smarter investment than a potentially expensive combination of hardware and software upgrades plus the cost of the labor to install them. New hardware is also generally easier and cheaper to manage, maintain, and secure than older PCs, which are more likely to break and where replacement parts can be hard to find and expensive.

But what if you don’t have the luxury of switching? Here are three strategies to adopt if you can’t cut your XP ties right away.

Pull the (network) plug

One reader told me last week that switching away from Windows XP wasn’t an option for him because of some custom audio mixing software he uses. There’s no upgrade option available, there’s no acceptable alternative program, and the software needs direct access to audio hardware, so it won’t run in a virtual machine. In the past, I’ve heard similar stories from people using peripherals like scanners and custom printers that require device drivers only available for Windows XP.

If there’s truly no possibility of upgrading or replacing that must-have program or device, then the best solution is to move that PC off the network, out of harm’s way. Disconnect its Internet connection so you (and others) cannot use it for email or web browsing and thus can’t expose yourself to potentially malicious software or network intrusion attempts.

You can use removable media (carefully) to copy files between this isolated XP PC and other machines that have full Internet access. But if you’re really keeping that XP box around just for one purpose, let it be dedicated to that purpose.
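
If the XP PC stays on an internal network with only its Internet access removed, the gateway's logs can confirm that the isolation is holding. The following is an added example, not part of the original article: it scans flow records for Internet-bound traffic from XP hosts, and the log format, host names and addresses are all constructed assumptions.

```python
import ipaddress

# Constructed gateway flow records: "timestamp src dst dport action".
# The log format and every address here are assumptions for illustration.
SAMPLE_LOG = """\
2014-04-09T08:01:12 10.20.0.15 10.20.0.2 445 ALLOW
2014-04-09T08:01:40 10.20.0.15 192.0.2.80 80 ALLOW
2014-04-09T08:02:05 10.20.0.16 10.20.0.255 137 ALLOW
2014-04-09T08:03:19 10.20.0.16 203.0.113.53 53 DENY
2014-04-09T08:04:00 10.20.0.99 198.51.100.7 443 ALLOW
malformed line
"""

# Hypothetical inventory of XP machines that must have no Internet path.
XP_HOSTS = {"10.20.0.15": "audio-mixer-xp", "10.20.0.16": "scanner-xp"}

# Destinations that stay on the local site: RFC 1918, link-local,
# loopback, multicast and limited broadcast.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "127.0.0.0/8", "224.0.0.0/4", "255.255.255.255/32")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on junk input
    return any(ip in net for net in INTERNAL_NETS)

def find_egress(log_text, xp_hosts):
    """Return (findings, skipped) for Internet-bound flows from XP hosts."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        try:
            ts, src, dst, dport, action = line.split()
            internal, port = is_internal(dst), int(dport)
        except ValueError:  # wrong field count, bad address or bad port
            skipped += 1
            continue
        if src in xp_hosts and not internal:
            # ALLOW: isolation is broken. DENY: the block held, but the
            # machine is still trying to reach the Internet.
            severity = "BREACH" if action == "ALLOW" else "attempt"
            findings.append((severity, xp_hosts[src], dst, port, ts))
    return findings, skipped

if __name__ == "__main__":
    findings, skipped = find_egress(SAMPLE_LOG, XP_HOSTS)
    for sev, host, dst, port, ts in findings:
        print(f"{sev:8} {host:15} -> {dst}:{port} at {ts}")
    print(f"{skipped} unparseable line(s) skipped")
```

A denied attempt is still worth following up: it usually means something on the XP machine (an updater, a browser, or malware carried in on removable media) is trying to reach the Internet.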

Virtualize the problem apps

Some older apps simply don’t work on Windows 7, and in extreme cases incompatible apps are blocked from installation completely. For off-the-shelf applications, there’s usually an upgrade available, or a suitable replacement program.

A much worse problem, especially in enterprise settings, is with custom line-of-business apps that would cost a fortune to update—or, worse, can’t be updated because the program’s author is long gone and no one has the slightest idea how it works.

If the OS version is the only roadblock, you should be able to solve the compatibility conundrum by running the problem app in a well-sandboxed virtual machine (VM). Windows 8.x Pro and Enterprise have Hyper-V virtualization built in. Windows 7 Pro includes Windows XP Mode and Virtual PC, which has the advantage of eliminating the cost of an XP license for your VM. You can use VMware or VirtualBox on Windows 7 or, for that matter, on a PC running Linux.

With your virtualization software, set up a VM running Windows XP, lock it down firmly so it can’t be used for web browsing or email, and then install your XP-only app. You can use the physical machine, with its modern, fully patched operating system, for everyday tasks and use the VM exclusively for that one app.

On enterprise networks, you can use application virtualization or session virtualization to package older apps and allow them to run in an isolated environment on client PCs, using Microsoft’s App-V, Citrix’s XenApp, or other similar solutions.

Ask for help

If your organization is large enough, you can call on outside resources for assistance with app compatibility testing, app management, and deployment. And instead of thinking of this as a one-time chore designed to fix a single problem, think of it as an opportunity to prepare IT systems for the future.

Compatibility testing is a huge issue for organizations, Jefferson Raley of Dell’s Strategic Consulting Practice told me last week. On average, he said, large organizations have about 700 apps installed for every 10,000 users. Very large enterprises might have 10,000 installed apps and several thousand more Web-based apps. To assist organizations that are stuck on an XP treadmill, Dell has set up a new Windows Migration Fast Forward service, which can transition up to 5000 PCs in five sites in 16 weeks. 

“We can get you to the April deadline,” said Raley, “but let’s clean up your environment at the same time.” By doing a comprehensive range of compatibility testing and setting up automated deployment and management tools, those outside consultants can process up to 500 apps a week, deciding which ones should enter the new environment as is, which ones can be virtualized, and which ones should be retired. The key is making sure that the infrastructure you build today will help you not just with this migration but with the next one, and the one after that.

The clock is ticking.

Topics: Windows, Microsoft, Security

  • Refusing to let go

    Since June 2012, I have had 3 systems die on me.
    - Dell Dimension 8300 ran Windows XP Professional from March 2004 to June 2012

    - Acer laptop originally came with Vista Ultimate December 2006, upgraded to Windows 7 Ultimate then Windows 8 Pro then started experiencing problems around June 2013, only booted when it felt like it, eventually stopped booting around early September 2013.

    - HP Workstation came with Windows Vista Business from November 2008 to August 2013, PSU died around August. It's still a decent system, 2 GBs of RAM, could run Windows 7 or 8 just fine. In fact, I was testing the preview on it.

    The Acer was running Windows 8 just fine, had 4 GBs of RAM installed, but just like the HP, hardware failed. The PSU for the HP is proprietary, hard to source and also expensive.

    Even the Dell Dimension which I had upgraded from the factory installed 512 MBs of RAM to 2GBs of RAM ran Windows 8 up to the Consumer Preview then the CPU requirements prevented it from running future releases, but it could have run Windows 7 without any problems.

    So, I would say, any system from 2004 up can run Windows 7, some might require investment in upgrades such as memory, decent GPU, but it should work.

    Losing 3 systems over the span of a year though is crushing. Right now, I only have an HP desktop at home and the PC I use at work. Right now, I am just letting go. Evaluating my use of technology and what I am doing, my next technology investment is not another traditional computer (laptop or desktop), but a smartphone. When I look at what I do: listening to music, Facebook, email, information consumption (ZDNET, CNET, NeoWin, Google News), I honestly do not need another computer.

    When I want to watch movies, I can do that on the desktop.

    Yes, I have gone off track, but losing those 3 PCs has kind of evolved my thinking around the relevance of the PC and what I do on it. I rarely need to use Office and if I do, I can use the free Office Web apps and I have Office 2007 installed.

    I don't know, I guess I'm just not excited anymore.
    • Not sure what this has to do with enterprise and small business

      Congratulations on getting a PC with a design flaw (that 2004 Dell 8300 had real overheating problems) to last nearly 10 years, and that Acer also lasted nearly seven years, which is an eternity in computing.

      But I am not sure what this personal experience has to do with business migration.
      Ed Bott
      • Ten Glorious Years

        Hey, it's my Dell 8300's Tenth Birthday today!
        Yes, Ed, you need to keep hoovering out the cat-fluff.
        And yes, I do use it for Business. Small business maybe, but I need to eat.

        My "Subsistence Migration Strategy" is to keep my upgraded-to-the-hilt XP machine as an off-line XP Application & Peripherals Server, and spend my paltry migration budget on a W8.1 touchscreen ultrabook to handle. My data is on a Network Drive so (apart from XP Applications) I'll be able to work from a cafe, pool, beach: anywhere my personal Marissa Mayer can't phone me back to the Home Office :-)

        PS Come Easter 2014 I'll be looking out for a cheap used high-spec XP machine as Back-Up. Should have a choice :-)
      • Even though it may SEEM off-subject

        After reading "refusing to let go's" comments - I believe there actually is some insight to migration issues:
        maybe we should all RETHINK how we are using - and therefore how and what - we are deploying --- in regards to technology in the workplace --- just a thought ---
        BTW - I am NOT AT ALL agreeable to "the Cloud" - I do use virtualization quite a bit, but having all of our core infrastructure for business hosted by some other third-party group is not a good idea in my opinion. I am an advocate for Enterprise Cloud (as the current buzz-word goes...)
        I have over 200+ Host systems and VMs in every location in South Carolina - running (mostly) Windows 2003 R2 and XP VMs --- we have a migration/upgrade plan - but with budget cuts we have no man-power to perform OS upgrades. this is a challenging time for many of us - I'm sure
    • Soooo....

      how long do you expect your smartphone to last? Because 5 years from now (and at least 2 smartphones later) you won't be any more excited, I don't think.
      Andrej Petelin
    • Computer Crashes

      Most crashes occur due to software overrunning the hardware limits. I have a desktop that runs XP that was originally built in the 1980's. Windows Vista or later will not run on that system due to its age. All the crashes that I have gone through were due to software problems from the start. Once XP is pulled I would suggest using Linux Mint, as this OS is small and compatible with most Windows based programs. Also the cost is free; all you need to do is download it. Windows is too costly for the average consumer.
  • You forget a significant source of the problem...

    There are a lot of very expensive instruments that run XP (or Win2K, or...) like Mass Spectrometers, network analyzers, radio simulators where upgrades start at $50K and can run a million. There is a LOT of this stuff out there. The manufacturers haven't upgraded the CPUs to support newer OS and haven't upgraded the app software, drivers, or DLLs for later stuff. Heck, there's still stuff that runs DOS. Not everything is a desktop, and a lot of applications have a high knock-on cost.
    • This was covered in the article

      Disconnect from the internet and use the special case XP (or older machines). What makes me wonder is who spends $50K on a device with no support or options for future upgrades?
      • That isn't always practical.

        Especially for the larger (more expensive) MRI/PET scanners...

        These generate many 10s of GBs of data to be processed... and that data has to be stored somewhere else - and the only effective way to transfer it is by network.
        • That's why the recommendation was to disconnect it from the INTERNET.

          From the article:

          "Disconnect its Internet connection..."
          • Some people confuse "network" for the "internet"

            when in truth they're two different things.
          • The Internet is commonly described as a network of networks

            Thus, the Internet is a network.

            Isn't an *isolated internal network* the appropriate language to use in this case for specialized devices and instruments which require Windows XP to operate and need to communicate with other systems, whether for control, storage or processing?
            Rabid Howler Monkey
          • Re: *isolated internal network*

            With the requirement, that this network does not have any other Windows system, that is connected or has been connected to Internet..

            Then, one remembers the case of the Iranian centrifuges...
          • Good advice, danbi

            Don't make your unsupported Windows XP Pro systems a target by using centrifuges to create Highly Enriched Uranium. :)
            Rabid Howler Monkey
          • And you forget how often viruses get into "isolated" networks.

            Networks are never fully isolated. Data WILL be exchanged.
          • @jessepollard, this is entirely about risk reduction

            An isolated internal network carries less risk than either a corporate Intranet (a much larger-scale isolated internal network) or the Internet.

            Want zero risk? Use an abacus and an etch-a-sketch.

            P.S. Also, as an example, IntelliAdmin, LLC, has a couple of free tools that one (read Windows system administrator) can use to easily disable and enable USB and CD-ROM drives:
            o USB Drive Disabler 2.0
            o CD ROM Drive Disabler 2.0
            Rabid Howler Monkey
          • Tell that to the most isolated network...

            The DoD run an internal, isolated network for classified operations.

            Guess what - it gets hit with viruses all the time.

            Isolated networks are never fully isolated.
          • Company network tied to Internet

            Kind of difficult to do when the company's intranet runs across the same physical lines as the Internet connections. Both are controlled out of a separate physical office in another state, or country (as in Spain in this case).
          • Re: "Disconnect its Internet connection..."

            Ah, that deja vu moment...

            Once upon a time, the most serious recommendation by Microsoft to secure Windows was "disconnect from the network".
        • Network does not mean Internet

          It's perfectly possible to have an isolated network that isn't connected to the internet so don't worry, jessepollard, you can still store data on a network connected storage device. Just ensure that when you transfer the data to the internet - if that's what's required, you unplug your MRI/PET scanner.
          This should generate a market for a new type of firewall - one where, not too dissimilar from a demilitarised zone, you can have an internet-free zone where data can be transferred to and from other computers on the network but all internet access is totally blocked. Or is such a firewall already available???